Cryptographic hashes?

Darius Clarke DClarke at fadal.com
Wed Aug 27 22:41:53 UTC 2003 

Article about getting free certificates from non-profit CAcert
http://www.cacert.org/.

http://www.alwayson-network.com/comments.php?id=878_0_5_0_C


Cheers,
Darius







-----Original Message-----
From: Oca Emilio [mailto:eoca at afip.gov.ar] 
Sent: Wednesday, August 27, 2003 06:25 AM
To: chris at funkyobjects.org; The general-purpose Squeak developers list
Subject: RE: Cryptographic hashes?


Chris,

I didn't look at the SHA & MD5 squeak implementation, but I think that
you
need a whole (standard) protocol to get what you need. 

To encrypt a message:
* You first get a random one-time pad key (or session key).
* You are going to encrypt your message with this otpKey.
* With your encrypted message, you are going to send this otpKey
encrypted
with the destination public key.
* Only he/she would be able to open the encrypted otKey and then decrypt
the
intended message

A session key allows the use of faster crypt algorithms than the ones
involved on private/public key encryption.

To sign your message:
* You get a digest from your message using SHA or MD5 (That's what they
are
for)
* You encrypt with your private key that digest end send it with your
encrypted or plain message.
* Whoever reads it can re-digest the message 
* And then verify that the decrypted (with your public key) digest you
have
sent matches the re-digest.

The secure shipment of publics key is covered on certificates.
In this case, the certificate issuer makes a digest of your 'personal'
data
and your public key and then sign it. Then the issuer attaches his own
certificate, which you could verify with his public key.
You just can trust this certificate or get a certificate of the
issuer...
and so on.
This chain stops when you get to one of the issuers whose certificates
are
already hardcoded on IExplorer, Netscape or so like VeriSign, Thawte,
etc.

I don't know what else (apart from digest algorithms) is implemented on
squeak to support this.

Regards

	Emilio



> -----Mensaje original-----
> De: Chris Muller [mailto:afunkyobject at yahoo.com]
> Enviado el: Martes, 26 de Agosto de 2003 18:39
> Para: mdrs at akasta.com; Squeak List
> Asunto: Re: Cryptographic hashes?
> 
> 
> 
> > There are two cryptographic hashes which are easy to use in Squeak,
SHA
> > and MD5.
> 
> Hi Mike, I, too am interested in this.  I looked at the 
> classes you mentioned,
> and they look nice and simple for signing messages and verifying those
> signatures.  However, I was not clear about how or where any 
> encryption or
> decryption occurs.  I want to make Strings unreadable except 
> by those whom I've
> "sent" a message encrypted with my private and their public key.
> 
> Please forgive my ignorance in this subject, how do I do this?
> 
> Thank you !
>   Chris
> 
> __________________________________
> Do you Yahoo!?
> Yahoo! SiteBuilder - Free, easy-to-use web site design software
> http://sitebuilder.yahoo.com
> 






























































***********************************************************************************
This transmission contains information which may be legally privileged, proprietary in nature, or otherwise protected by law from disclosure, and is intended only for the use of the addressee(s) named above. If you are not the addressee, or the person responsible for delivering this to the addressee(s), you are hereby notified that reading, copying, or distributing this transmission is prohibited. If you have received this transmission in error, please telephone us immediately at 818-407-1400 and mail the transmission back to us at the above address.

This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.
***********************************************************************************

More information about the Squeak-dev mailing list